Virtualization & Cloud
- 31 janvier 2024Attackers abuse different supply-chain scenarios to indirectly compromise organizations and applications. We delve into how a software pipeline works, where attacks could come from, and how to improve security.
- 21 novembre 2023Kubernetes, also known as K8s, is a very complex open-source platform that requires detailed attention to security. Despite previous efforts to increase its security, Kubernetes remains insecure by default and requires different security tools to protect the cluster.
- 09 octobre 2023In this entry, we continue delving into an investigation of exposed registries and look at the types of files and information that malicious actors can access and compromise from these.
- 26 septembre 2023In this entry, we will discuss publicly exposed registries, which are repositories or databases containing information accessible to the public without the need for authentication.
- 14 juillet 2022We examined the potential risks associated with using the serverless environment service for secrets management.
- 14 juin 2022We examine Azure’s Managed Identities service and its security capability in a threat model as developers’ go-to feature for managing secrets and credentials.
- 12 mai 2022After looking at offerings by cloud service providers (CSPs), we examined the possibilities of using a more secure serverless environment by running a custom container.
- 04 mai 2022We looked into Azure App Services and created a threat model to mitigate the impact of threats on the infrastructure and applications.
- 14 janvier 2022We examined the potential risks associated with using the serverless environment service for secrets management.